Legal name obligation in social media

This is the english translation of our post here. Many of our sources are only available in german unfortunately. We hope you still enjoy this post.

Today the Bundesrat will be deciding on a law to fight right-wing extremism and hate-crime. In this law the raising of legal names will become mandatory for social media [1]. We are talking about the §3b in the "Drucksache 87/1/20(neu)" which was added on page 27:

§3b Mandatory identification
(1) Operators of social media and operators of gaming platforms are required to identify the user on registration. In the identification the operators of social media and the operators of gaming platforms have to raise the following informations:
1. the name and adress of the user and
2. in case of natural persons their birth date
(2) The identification of natural persons in cases of subparagraph 1 sentence 2 has to be conducted using
1. a valid legal identity card [...]
2. an electronical proof of identity [...]
3. a qualified electronical signature [...]
4. a [...] notified electronical system of identification. [...]
The validation can also happen with other appropriate processes; [...] though a document in the sense of sentence 1 has to be used respectively for identification.
(translation by us)

This change is justified as a tool to fight hate-speech in the internet on page 20 of the same document:

With the help of the proposed requirement for operators of social media and operators of gaming plattforms to identify the users by raising their names and adresses as well as, with natural persons, their birth date - which is proposed in §3b subparagraph 1 NetzDG - the identification of perpetrators is accelerated and the conducting of investigations is eased. A requirement to provide postings with the according legal name isn't included in that.
(translated by us)

Here we see, that the requirement of the legal name on paper only is towards the operator and the investigating authorities. Furthermore this law only affects social media and gaming platforms with more than two million domestic users.

Obligation for legal names in the internet

The demand for an obligation to use your legal name in the internet often appears in the context of hate-speech in the internet. Usually people demand an obligation to post under your legal name, which would go further than the proposition we're currently looking at. Why losing this pseudonymity would not only be a bad idea but also dangerous was explained in-depth in other places, for example in this article on netzpolitik.org. In that article different scenarios are given as an example which explain why pseudonymity in the internet is necessary. The numerous reasons reach from discrimination to danger for the life of the affected people. The article also links a list in the geek feminist wikia, which goes into way more depth.

Now we have to consider that the proposed law doesn't implement a legal name obligation towards the public, but "only" towards the operators and the state. But even there some problems arise.

Data protection in IT-systems

First of all it's plain illusional to think our data would be secure in an IT-system. On one hand this is caused by there not being an absolutely safe IT-system. Here accidents, technical errors, the entry of unauthorized persons into the system and further reasons can let the date get into the hands of a third party. Furthermore especially big social media sell the data of their users for advertising purposes. There's numerous examples for this: [1] [2] [3] [4] [5] [6]

Assuming the data with the assignment of legal names to social media accounts would not lie with the operator but kept in a central database with the state, we'd still have to assume that those data can be lost due to errors. Furthermore a succesful hacker would convienently have ALL data in one database and not distributed over multiple servers.

Now if in the scenario of this law a data-breach were to happen, the psudonymity on that plattform would be completly gone. Thus its users would be exposed to all the dangers descibed in the above wiki-post.

Dangers by the state

But there's further reasons speaking against this law. Even assuming that the data would only be accessible to the operators and the state, the law would still be dangerous.

There's numerous right wing networks inside of the police and the military. Data from police-computers reaching nazis has happened in the past. For an example lets take a look at the Hannibal-network [1]. If a network, in which among others police-officers are active, is keeping death-lists of political enemies, the assumption is close that those also have been fed by the data of the police.

But also in the case of the "NSU 2.0" a real threat was posed by the police. In that case data were accessed from a computer, which later was used to write a threat agains a Frankfurt lawyer [1].

Thus we have to assume, that this law would be a real danger to the groups endagered by nazis, because they'd have an easier access to their data.

Furhtermore we have to consider that this law make the life of opositionals and activists in a state becoming more authoritarian unsafer. This law would be absolutely deadly in the hands of a fascist government.

Access to social media

This rule would also affect people without documents. For example refugees, homeless people etc. wouldn't be able to use social networks, though thos would offer essential use. Be it for the networking among each other, be it to hold contact to the families left back. But also the possibility to describe ones own perspecitve and defend ones own opinion would be strongly restricted. People who already have a only very small platform would lose access to one of the biggest platforms of the current times.

But also minors wouldn't have a possibility to register to social media. This is because less than sixteen-year-olds can't have an ID-card without their parents permission. This would go against the current reality and would again restrict the platform of a people, who already only have a small one.

Facebook

On Facebook this law would mean a real egal name obligation. Facebook suggest strongly in its policies, that users should use their names [1]. They also have an automated check if the used names sound real.

Raising the id-information at registration would probably lead to making pseudonymity on that platform impossible. Even though we generally would strongly discourage the use of Facebook, this still would be an alarming development.

Consequences for free, decentralized social networks

Alos free, decentral social networks like Mastodon could be affected by this law. Single instances surely wouldn't pass the two million-mark, but they can all communicate freely amon each other. The whole network of instances  with it's more than three million users would very well be affected.

But the single, mostly unpaid, operators surely would be unable to achieve the administrative effort required by this regulation. Thus a free and decentral alternative to the big, proprietary networks would be damaged.

Effectivity of the measures

Furthermore it is questionable if the measures would reach the desired goal. This can be seen by nazis being able to stir up hatred against minorities they don't like under their legal names, without there being any official reaction. If the missing anonymity would really be effective here can be seen as questionable.

On Facebook, where people are noncommitably asked to give their legal names the problem also doesn't seem to be gone.

Furthermore the experiences in South-Korea, where in 2007 a legal name obligation was implemented, seem to paint another image [1]. There the decrease of "malicious comments" only was from 13.9 to 13.0 perscent of all comments. The law was later sacked by the constitutional court, because it went against the freedom of speech in the internet [2].

Evaluating the IP addresses would be more than enough for the legal authorities. In particular because the way to avoid that evaluation is very similar to the method to evoid the raising of legal names if that is only implemented in Germany (because you'd be perfectly able to fake a different country with a VPN).

Established law

In addition this regulation probably would go against established law (which remains unchanged by the proposed law). For this lets take a look at §13 (6) of the Telemediengesetzes:

(6) The operator has to enable use of telemedia and their payment anonymously or under a pseudonym, as long as this is technically possible and reasonable. The user is to be informed about this possibility.

Conclusion

In summary we're able to say that the law to be decided today in the Bundesrat ineffective and dangerous. On one hand the demanded measures won't achieve their goal. Especially since to achieve that degree of an effect there'd be measures of far lower danger in the hands of the lawmakers. Here we can again observe the technical ignorance of the governmant in regards to digital policies, which as so often doesn't go further than being blind actionism.

Furthermore it's shown how lawmaking by overly privileged groups hardly reflects the issues of disciminated groups. In addition another stone is laid out to strengthe the surveillance state. And again the monopoly position of american platforms like Facebook is strengthened.

With this it should be clear that this law does damage to an extent which is way higher than would be reasonable regarding the at best discutable use of those measures.

Finally we'd mention the current corona crisis. Due to the complete focus of the coverage on that crisis, this legal change seems to go under the radar of most reporters. Furthermore the possibilities of protest against it are currently massively restricted. Under normal cirumstances this law would probably not difficult to prevent, especially in regard to not even the committees being of one opinion in this case [1].

Cover Picture by: Etienne Girardet